Threat Center Security News VMware Player Multiple Vulnerabilities
VMware Player Multiple Vulnerabilities Print E-mail
Written by Rebecca Mints   
Monday, 01 September 2008 21:49

VMware has acknowledged some vulnerabilities in VMware Player, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system

 

  • Various vulnerabilities are caused due to unspecified errors within certain ActiveX controls. These can be exploited to e.g. execute arbitrary code by tricking a user into visiting a malicious website.
  • An unspecified error related to "OpenProcess" can be exploited by malicious, local users on a host system to gain escalated privileges on the host system. This vulnerability affects VMware Player 1.x for Linux only.
  • Some vulnerabilities in freetype can potentially be exploited by malicious people to compromise an application using the library. For more information: SA30600
  • A vulnerability in cairo can potentially be exploited by malicious people to compromise an application using the library. For more information: SA27880 This vulnerability affects VMware Player 2.x for Linux only.

 

SOLUTION: VMware Player 1.x: Update to version 1.0.8 build 108000 or later.
VMware Player 2.x: Update to version 2.0.5 build 109488 or later.

Source: http://www.secuobs.com/secumail/snsecumail/msg11944.shtml

 

WTW Threat Level